DETAILED FINAL ACTION
Response to Arguments 

1. Applicant's arguments filed 03/16/2006 have been fully considered but they are
not persuasive. 

2. Applicant mainly argues that Arrow's management stations, element 160, 
manage VPN units, and thus, all management commands are "VPN" commands. 
Examiner does not agree with this strict interpretation as discussed below. 

First, it is necessary to distinguish the type of commands that the VPN 
management unit sends. Strictly speaking "VPN management commands" in line with 
the applicant's specification, deal with functions that involve encryption of a VPN. 
These functions include encapsulation, routing and forwarding of packets (specification, 
pg. 10, lines 10-20). On the other hand, "non-VPN management command" would 
logically encompass commands outside of the functions stated above. 

Now turning to Arrow, one instance in which the VPN management station 
performs "VPN management commands" per the definition above is by issuing "VPN 
unit objects". VPN management objects comprise encryption, authentication and
compression algorithms to be used by a VPN (Column 15, lines 15-25). For "non-VPN 
management commands", Arrow discloses configuration commands sent to the VPN 
units which, in and of itself, does not involve encryption of the VPN (the secure tunnel), 
but rather are commands that initialize, update, etc., the VPN unit. Installing a new 
operating system on the VPN unit for instance, requires the VPN management station to 
handle request commands to/from the VPN unit. This is construed to be a "non-VPN 
management command" since it is not directly establishing a secure channel. It is
important to note that these non-VPN commands are themselves sent over a secure
channel (Column 13, lines 5-20 disclose authentication procedures between the VPN 
management station and the VPN unit). Related commands to check for error or 
success of installation of the operating system are also "non-VPN commands" (Column 
14, lines 40-64). 

Again, just because the management station communicates with the VPN unit 
does not mean that all the commands are "VPN commands". VPN commands directly 
relate with encryption and security of the packets that create the secure channel, while 
non-VPN commands deal with configuration of the VPN unit itself. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 47-69 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. While a negative limitation or exclusionary proviso is permissible in the 
claims, it must have basis in the original disclosure (see MPEP 2173.05(i)). The
amendment now includes the limitation "non-VPN", particularly how non-VPN
management commands are sent over a VPN. Applicant's specification does not
appear to exclude non-VPN management commands from the VPN. In fact it appears
the management commands are indeed VPN commands since they configure the VPN
network environments (Figs. 6 and 7 show management VPN modules, element 655, 
which the management commands appear to configure). Page 8, lines 1-6 and page 
10, lines 15-22 of the specification appear to be the only place where "non-VPN" is
stated. However, it is not specified that the management commands themselves are 
non-VPN, but only that the links that the management commands are transferred over 
can be non-VPN. 

6. Claims 47-69 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

The amended claims state "non-VPN management commands" being 
sent/carried over a VPN. If these management commands are indeed carried over 
VPN, they would in fact be VPN management commands. It is recommended that 
applicant better differentiate exactly what are VPN and non-VPN management 
commands. Examiner will assume generally that the management commands 
themselves are not involved in the security of the VPN, hence, non-VPN. 

Claim Rejections - 35 USC § 102

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 

8. Claims 47-69 are rejected under 35 U.S.C. 102(e) as being anticipated by Arrow. 

9. Per claims 47, 52, 56, 61 and 66, Arrow discloses a method, network device and 
machine readable medium for secure in-band management of a network device (Fig. 2 
and 3 show what happens at the VPN unit, utilizing compression, encryption and 
authentication rules to meet the definition of VPN, e.g., see Newton's Telecom
Dictionary; the network device is the entire unit, elements 140 and 145 of Fig. 1) that 
provides routing and forwarding services (both routing and forwarding services are 
provided by the VPN unit; Fig. 2, element 220-250 expressly show the VPN processing 
the message packet and forwarding the packet to the destination address; note that 
while there is a separate router for VPN to LAN connectivity, e.g., Fig. 1, element 110 to 
114 to 115, it is clear that the same type of routing is performed at the remote clients,
e.g., packetizing data to be sent over the public network, which the VPN unit is actually 
part of and hence the entire remote client is considered the "network device", e.g., 140 
and 145 is a network device), the method comprising: configuring a VPN for the network 
device (VPN unit configures packets as for VPN by compression, encryption and 
authentication, element 240); linking the VPN to a source of non-VPN management 
commands (Fig. 1, VPN management station 160 is linked to VPN unit via VPN; 
Column 13, lines 3-15 and Fig. 7 show that the VPN unit is connected by VPN to the
management station; Column 14, the management command sending VPN unit
configuration commands, such as update OS, check for VPN unit errors, that do not 
deal directly with the secure VPN channel itself, e.g., no encryption algorithms, etc.); 
using the VPN to carry the non-VPN management traffic from the source of 
management commands to the network device (once authenticated, stream of data can 
pass through VPN from the management station 160 to the VPN unit, Column 13, lines 
20-25); and using the network device (Fig. 7 is the OS of the VPN module which is part 
of the overall network device, elements 140 and 145), forwards non-VPN management 
commands to a management port of the network device through a VPN module (Fig. 7, 
element 717 is the port where management data comes in and out of the VPN unit,
which here is construed to be the VPN module; regarding what is forwarded out of the 
VPN unit, Arrow discloses various errors/confirmations that are reported back to the 
management station based on authentication results, Column 13, lines 15+). Note that 
the VPN used by Arrow by definition uses a tunneling protocol. Per Newton's Telecom
Dictionary, tunneling is defined as: "...the process of encapsulating an encrypted data 
packet in an IP packet for secure transmission across an inherently insecure IP 
network, such as the Internet". This is precisely what Arrow is performing, where the 
data is compressed, authenticated and encrypted and sent over the Internet (Fig. 2, 
elements 240 and 250). Further note the plurality of the network devices (Fig. 1 shows 
multiple remote client and VPN Units), all being capable of performing 
routing/forwarding and each having the management port of Fig. 7 to transfer router 
information (per claim 66).

10. Per claims 48, 57 and 62, Arrow discloses the network device includes a routing
and forwarding module (Fig. 7, elements 716 and 724 both route/forward the 
configuration data) and the management VPN module (VPN management station 160) 
that is coupled to the VPN unit via the public network (Fig. 1). 

11. Per claims 49, 53, 58, 63 and 67, Arrow discloses the network devices being a
gateway (Fig. 1) per the definition of gateway from Newton's Telecom Dictionary: "...an
entrance and exit into a communications network". The gateway also meets the stricter
definition of the word, which is a node between two networks, which is shown in Fig. 1,
where the VPN unit and router, elements 114 and 116 sit between the public network
and the LAN. 

12. Per claims 50, 54, 59, 64 and 68, Arrow discloses the network device can perform
Internet Protocol services (Column 6, lines 50-55).

13. Per claims 51, 55, 60, 65 and 69, Arrow discloses the source of non-VPN
management commands is one of a non-VPN management device (management 
devices perform both configuration and encryption functions, so is both a non-VPN and 
VPN device) and non-VPN management function (Fig. 1, element 160 is the 
management device, Column 13, lines 5+ disclose configuration request commands 
that are performed as a function of the management station). 

Conclusion 

14. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

15. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Alan S. Chen whose telephone number is 571-272-4143.
The examiner can normally be reached on M-F 9am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim N. Huynh can be reached on 571-272-4147. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 